Here is the log.
Deckard's System Scanner v20071014.68
Run by MurphC02 on 2008-07-29 12:26:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-07-29 11:26:13 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as MurphC02.exe) --------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:51, on 29/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\nsl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Reflection\rnnfserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\Program Files\Cordaware\Infoband\Infoclient.exe
C:\Program Files\Cordaware\Infoband\Infoclient.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\dwrcst.exe
c:\program files\itunes\ituneshelper.exe
c:\windows\system32\hkcmd.exe
c:\program files\dell\dell laser mfp 1600n\networkscan\dnscst.exe
c:\program files\common files\symantec shared\ccapp.exe
c:\program files\adobe\acrobat 8.0\acrobat\acrotray.exe
c:\progra~1\symant~1\vptray.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\ctfmon.exe
c:\program files\common files\ahead\lib\nmbgmonitor.exe
c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\proquota.exe
c:\documents and settings\murphc02\desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\PROGRA~1\TRENDM~1\HIJACK~1\MurphC02.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {099ac52c-1cd4-434c-9cc6-ff56dabb5010} - (no file)
O2 - BHO: (no name) - {53b7248a-5edc-4d77-9b15-6574e0f39863} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {B782EDE4-CCB3-4E3E-981F-96C68116F38C} - C:\WINDOWS\system32\AcroIEHelpe.dll
O2 - BHO: (no name) - {C3F0B821-8B81-49DF-A282-19BD5B095CBD} - C:\Documents and Settings\MurphC02\Local Settings\Temporary Internet Files\Content.IE5\6HTBZCXR\3077ahntdksr[1].dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MSConfig] c:\windows\pchealth\helpctr\binaries\msconfig.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DellNSCST] "C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe" /HIDEUI
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [BM17b9addc] Rundll32.exe "C:\WINDOWS\system32\gmemnqed.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.ie
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5570695656
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = hun.astron,rrd.com,rrd.net,ams.astron.int
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = hun.astron,rrd.com,rrd.net,ams.astron.int
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = hun.astron,rrd.com,rrd.net,ams.astron.int
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = hun.astron,rrd.com,rrd.net,ams.astron.int
O20 - Winlogon Notify: rnnfsnp - C:\WINDOWS\SYSTEM32\rnnfsnp.dll
O20 - Winlogon Notify: wvulmnmm - wvUlmnmM.dll (file missing)
O20 - Winlogon Notify: wxinfoclient - C:\Program Files\Cordaware\Infoband\wxInfoclient.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cordaware Infoclient(User) (InfoclientUserDesktop) - Cordaware - C:\Program Files\Cordaware\Infoband\Infoclient.exe
O23 - Service: Cordaware Infoclient(Winlogon) (InfoclientWinlogonDesktop) - Cordaware - C:\Program Files\Cordaware\Infoband\Infoclient.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINDOWS\system32\nslsvice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: WRQ Reflection NFS Client (ReflectionNFS) - WRQ, Inc. - C:\Program Files\Reflection\rnnfserv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 12760 bytes
-- File Associations -----------------------------------------------------------
.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 ReflectionNFSRDR (NFS Redirector) - c:\windows\system32\drivers\rrdr_2k.sys <Not Verified; WRQ, Inc.; WRQ Reflection NFS Client>
S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 DWMRCS (DameWare Mini Remote Control) - c:\windows\system32\dwrcs.exe -service <Not Verified; DameWare Development LLC; DameWare Development DWRCS>
R2 InfoclientUserDesktop (Cordaware Infoclient(User)) - c:\program files\cordaware\infoband\infoclient.exe <Not Verified; Cordaware; Cordaware bestinformed>
R2 InfoclientWinlogonDesktop (Cordaware Infoclient(Winlogon)) - c:\program files\cordaware\infoband\infoclient.exe w <Not Verified; Cordaware; Cordaware bestinformed>
R2 Lotus Notes Single Logon - c:\windows\system32\nslsvice.exe <Not Verified; IBM Corp; IBM Lotus Notes/Domino>
R2 Multi-user Cleanup Service - "c:\program files\lotus\notes\ntmulti.exe" <Not Verified; IBM Corp; IBM Lotus Notes/Domino>
R2 ReflectionNFS (WRQ Reflection NFS Client) - c:\program files\reflection\rnnfserv.exe <Not Verified; WRQ, Inc.; WRQ Reflection NFS Client>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia E65
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia E65
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
-- Scheduled Tasks -------------------------------------------------------------
2008-07-29 09:00:54 444 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-07-28 11:07:04 378 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-07-19 13:23:13 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-06-29 and 2008-07-29 -----------------------------
2008-07-29 12:42:57 0 d-------- H:\Deckard
2008-07-29 11:35:38 0 d-------- C:\Program Files\Panda Security
2008-07-29 11:35:37 0 d-------- C:\WINDOWS\LastGood
2008-07-29 08:45:56 0 d-------- C:\Program Files\Trend Micro
2008-07-28 12:46:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-28 12:46:42 0 d-------- C:\Documents and Settings\MurphC02\Application Data\Mozilla
2008-07-28 11:24:28 0 d-------- C:\WINDOWS\pss
2008-07-28 10:47:56 0 d-------- C:\Program Files\RegCure
2008-07-28 09:55:13 0 d-------- H:\Rustbfix
2008-07-28 08:08:21 94416 --a------ C:\WINDOWS\system32\AcroIEHelpe.dll <Not Verified; Adobe Systems, Incorporated; Adobe PDF Reader Link Helper>
2008-07-28 08:03:50 0 d-------- C:\WINDOWS\setup.pss
2008-07-28 08:03:34 0 d-------- C:\WINDOWS\system32\dtw5d
2008-07-28 08:03:34 0 d-------- C:\WINDOWS\system32\cks
2008-07-28 07:57:04 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-25 13:08:40 85050 --a------ C:\WINDOWS\system32\drivers\776c687c.sys
2008-07-25 12:14:51 0 d-------- C:\Program Files\Spyware Doctor
2008-07-25 12:14:51 0 d-------- C:\Documents and Settings\MurphC02\Application Data\PC Tools
2008-07-24 22:46:46 117760 --a------ C:\WINDOWS\system32\vgyaqrih.dll
2008-07-24 22:46:28 117760 --a------ C:\WINDOWS\system32\vbtfcpma.dll
2008-07-24 22:44:07 117760 --a------ C:\WINDOWS\system32\dpdefgts.dll
2008-07-24 22:41:07 117760 --a------ C:\WINDOWS\system32\guqnxakv.dll
2008-07-24 22:38:07 90624 --a------ C:\WINDOWS\system32\gmemnqed.dll
2008-07-24 14:21:37 0 dr-h----- C:\Documents and Settings\MurphC02\Recent
2008-07-24 10:34:37 372659 --ahs---- C:\WINDOWS\system32\WxGOnUtv.ini2
2008-07-24 10:29:07 36864 --a------ C:\WINDOWS\system32\hgGvsrsS.dll
2008-07-22 13:36:40 0 d-------- C:\Program Files\Common Files\PCSuite
2008-07-22 13:35:18 0 d-------- C:\Program Files\PC Connectivity Solution
2008-07-09 08:33:16 0 d-------- C:\WINDOWS\system32\Adobe
-- Find3M Report ---------------------------------------------------------------
2008-07-29 12:25:50 0 d-------- C:\Program Files\Symantec AntiVirus
2008-07-29 10:44:01 0 d-------- C:\Program Files\DYMO Label
2008-07-28 12:46:05 21504 --a------ C:\WINDOWS\system32\powrprof.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-28 10:52:09 0 d-------- C:\Documents and Settings\MurphC02\Application Data\BPFTP
2008-07-25 12:02:05 3888 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-25 09:12:09 0 d-------- C:\Program Files\Java
2008-07-24 14:57:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-24 11:46:33 0 d-------- C:\Program Files\DigiGuide TV Guide
2008-07-24 08:56:23 0 d-------- C:\Program Files\Microsoft Games
2008-07-22 14:01:51 0 d-------- C:\Documents and Settings\MurphC02\Application Data\Nokia
2008-07-22 13:36:40 0 d-------- C:\Program Files\Nokia
2008-07-22 13:36:35 0 d-------- C:\Program Files\Common Files
2008-07-22 13:36:35 0 d-------- C:\Program Files\Common Files\Nokia
2008-07-09 08:14:29 0 d-------- C:\Documents and Settings\MurphC02\Application Data\Adobe
2008-06-24 14:13:38 98 --a------ C:\WINDOWS\system32\winlogs32.dll
2008-06-24 14:12:11 0 d-------- C:\Program Files\igoodsoft
2008-06-24 14:11:56 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-12 08:29:31 0 d-------- C:\Documents and Settings\MurphC02\Application Data\PC Suite
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{099ac52c-1cd4-434c-9cc6-ff56dabb5010}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53b7248a-5edc-4d77-9b15-6574e0f39863}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B782EDE4-CCB3-4E3E-981F-96C68116F38C}]
28/07/2008 08:08 94416 --a------ C:\WINDOWS\system32\AcroIEHelpe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3F0B821-8B81-49DF-A282-19BD5B095CBD}]
C:\Documents and Settings\MurphC02\Local Settings\Temporary Internet Files\Content.IE5\6HTBZCXR\3077ahntdksr[1].dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\pchealth\helpctr\binaries\msconfig.exe" [04/08/2004 11:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [21/07/2006 17:48]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [21/07/2006 17:50]
"DellNSCST"="C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe" [20/02/2006 15:07]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [29/05/2007 18:33]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [11/01/2008 19:54]
"!AVG Anti-Spyware"="c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" [06/09/2007 08:26]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [06/06/2007 15:25]
"BM17b9addc"="C:\WINDOWS\system32\gmemnqed.dll" [24/07/2008 22:38]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 11:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [13/09/2006 12:12]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [15/06/2007 13:52]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"ProfileQuotaMessage"=You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage.
"EnableProfileQuota"=1 (0x1)
"MaxProfileSize"=30000 (0x7530)
"IncludeRegInProQuota"=1 (0x1)
"WarnUser"=1 (0x1)
"WarnUserTimeout"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rnnfsnp]
rnnfsnp.dll 29/03/2004 04:41 155648 C:\WINDOWS\system32\rnnfsnp.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvulmnmm]
wvUlmnmM.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wxinfoclient]
C:\Program Files\Cordaware\Infoband\wxInfoclient.dll 29/07/2008 08:57 47104 C:\Program Files\Cordaware\Infoband\wxInfoclient.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtUnOGxW
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infoclient]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
"C:\Program Files\Spyware Doctor\pctsTray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
"C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
%SystemRoot%\system32\mobsync.exe /logon
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##amssanfile01#itadmin$]
AutoRun\command- setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\autorun.exe
setup\command- D:\setup.exe
-- End of Deckard's System Scanner: finished at 2008-07-29 12:28:22 ------------